If you are not using a binary (precompiled) version of MySQL
that has been built with SSL support, configure a MySQL
source distribution to use SSL. When you configure MySQL,
invoke the configure script with the
--with-vio and
--with-openssl options:

To establish a secure connection to a MySQL server with SSL
support, the options that a client must specify depend on the
SSL requirements of the user account that the client uses. (See
the discussion of the REQUIRE clause in
Section 12.4.1.2, “GRANT Syntax”.)

If the account has no special SSL requirements or was created
using a GRANT statement that
includes the REQUIRE SSL option, a client can
connect securely by using just the
--ssl-ca option:

shell> mysql --ssl-ca=ca-cert.pem

To require that a client certificate also be specified, create
the account using the REQUIRE X509 option.
Then the client must also specify the proper client key and
certificate files or the server will reject the connection:

In other words, the options are similar to those used for the
server. Note that the Certificate Authority certificate has to
be the same.

A client can determine whether the current connection with the
server uses SSL by checking the value of the
Ssl_cipher status variable.
The value of Ssl_cipher is
nonempty if SSL is used, and empty otherwise. For example: